If you don't know what's a proxy.pac file, you can read this wikipedia entry.
I like proxy.pac files, they allow flexible and efficient proxy configuration in any browser. (I find the WPAD "trick" very ugly... so I've never advised my customers to implement it.)
OK, so you have this proxy.pac file which has to be downloaded from a web server... though if you have a redundant proxy architecture which is based on appliance hardware, with no embedded HTTP server to serve your proxy.pac file, you are introducing a big SPOF in your design. The proxy.pac file needs to be accessible anytime and that won't be accomplished with a single webserver providing it since it will be less reliable than your cluster of proxy servers.
Should you invest in a cheap load balancer and two web servers ? (the rich man's way)
Should you setup a cluster of WRT54G with DRBD and Heartbeat ? (the poor man's way)
Should you revert to using static proxy configuration and exception in the browsers ? (the ugly way)
If your network has an Active Directory or some DFS shares (or alike) [that's 100% of my customers], what you can do is to place your proxy.pac file on this share and use it in your browser so there's no need for a HTTP server cluster.
I'll let the DFS guys figure how to implement it based on the following example :
1 - On a Domain Controller create a folder in your SYSVOL folder like : %SystemRoot%\Sysvol\Sysvol\domain_name\Proxy ;
2 - Put your proxy.pac file in this folder and set proper permissions on it (so only admins can modify it) ;
3 - Modify the script that auto-mounts your network drives to get a new one for the share \\domaine_name\Sysvol\domain_name\Proxy (for example P:) ;
4 - Deploy the proxy.pac with AD (or similar) with the following URL : file://P:\proxy.pac (in fact you can also use file://\\domaine_name\Sysvol\domain_name\Proxy\proxy.pac but I find this a bit ugly :) )
It works like a charm...
Enjoy :)
Wednesday, April 25, 2007
[SYSCTL] The right way to publish a proxy auto-config file (proxy.pac)
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment